Feature development & monitoring tips
The Kill Switch – A Look into a Hackers Methodology Overview We’re kicking off a new series of blogs featuring some of the best live and recorded content from our consultants with Alex’s ‘The Kill Switch’ talk as seen at the Future of Cybersecurity Event. Alex talks us through a hackers methodology. Focusing on threat […]
Find Out MoreAs mobile applications are becoming increasingly popular, the need to secure them is greater than ever. All mobile applications should implement these three core defences to significantly reduce the threat landscape and discourage opportunist attackers.
Find Out MoreCross Site Scripting (XSS) is one of the most well covered web application issues around, however it is surprising how little people truly understand the concept of DOM Based vectors. This blog will aim to clear that confusion up, discussing the difference between traditional and DOM based XSS.
Find Out MoreThe average Mac user might be forgiven for thinking that their meticulously crafted login password is enough to protect their data; however, it may be surprising to learn that password strength alone is entirely redundant should a determined attacker manage to get their hands on your machine.
Find Out MoreAmazon S3 is a great, cheap and flexible option when it comes to sharing and hosting files. However what is not great is that any file can be uploaded to a S3 bucket. And by any file we mean any file including malicious files. It is very common for people not to check the files that are uploaded to S3. But it is possible to virus scan files uploaded to S3. it just takes a little bit of work.
Find Out MorePHP Deserialization vulnerabilities are rarely seen on Greybox application assessments, however these should not be overlooked. This blog will look at PHP Deserialzation/Object injection covering how these vulnerabilities can be spotted and the exploit code required to read local files.
Find Out MoreInjection Attacks are 1st in the OWASP TOP 10 list of vulnerabilities, they are not limited to SQL Injections. Here we talk about different types of Injection Attacks.
Find Out MoreIn our third part of our SQL Series we look at how to guard against a lesser known but just as serious vulnerability, Second Order Injection.
Find Out MoreAs a penetration tester, cracking hashes can be a great post exploitation activity for both the fun and value to a client, providing a great way of showing the severity of an issue (but mostly for the fun). In this blog I’ll show you an in-depth look at cracking hashes with known formats.
Find Out More